Chrome will start marking HTTP sites as 'not secure'

Google's push for HTTPS adoption continues

The last few years have seen Google pushing for more sites to adopt HTTPS encryption, and it will soon offer another incentive for them to make the transition. Starting this July, with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure.”

Right now, Chrome shows a green padlock and a “secure” sign on HTTPS sites, whereas landing on an HTTP page displays only the web address. But with Chrome 68, all HTTP sites will carry a warning, which you can see below.

The move comes after Google began downranking HTTP sites back in 2015. Later, the release of Chrome 56 saw HTTP pages that collect passwords or credit card details marked as “Not Secure.”

Google’s quest to get more sites moving over to HTTPS has been a successful one. The company revealed that 81 out of the top 100 websites now use it as default. It added that over 78 percent of Chrome traffic on both Chrome OS and Mac is now encrypted, while 70 percent of Chrome traffic on Windows is now protected. The figure for Chrome traffic on Android stands at 68 percent.

Some websites have avoided moving to HTTPS because of the cost and difficulty involved with the process, but Google is trying to make the procedure as easy as possible. A new audit feature in Lighthouse, an automated tool for improving webpages, lets developers find which resources are loading via HTTP, and identifies those than can be upgraded simply by changing HTTP to HTTPS.

Back in December, it was revealed that an increasing number of phishing schemes were taking advantage of HTTPS. Many people believe the green padlock is a sign of a site’s trustworthiness, when it merely shows the data is encrypted in transit.